﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;

namespace FITHOU_EDU_Server
{
    public partial class _Default : System.Web.UI.Page
    {
        //Global Variable
        String sqlCon = ConfigurationManager.ConnectionStrings["FITHOU_EDU"].ToString();
        //End Global Variable
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnLogin_Click(object sender, ImageClickEventArgs e)
        {
            string sUsername = txtUserID.Text;
            string sPassword = txtUserPassword.Text;
            bool bRemember = chkRemember.Checked;

            if(bValidLogin(sUsername, sPassword) == true)
            {
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1, // Ticket version
                sUsername,// Username to be associated with this ticket
                DateTime.Now, // Date/time ticket was issued
                DateTime.Now.AddDays(7), // Date and time the cookie will expire
                bRemember, // if user has chcked rememebr me then create persistent cookie
                FormsAuthentication.FormsCookiePath); // Cookie path specified in the web.config file in <Forms> tag if any.

                // To give more security it is suggested to hash it
                string hashCookies = FormsAuthentication.Encrypt(ticket);
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket

                // Add the cookie to the response, user browser
                Response.Cookies.Add(cookie);

                // Get the requested page from the url
                string returnUrl = Request.QueryString["ReturnUrl"];
                // check if it exists, if not then redirect to default page
                if (returnUrl == null) returnUrl = "~/Admin/Default.aspx";
                Response.Redirect(returnUrl);
            }
            else // wrong username and password
            {
                lblStatus.Text = "Tên đăng nhập hoặc mật khẩu không tồn tại!";
            }  
        }

        //->Hàm lấy ra thông tin người dùng theo ID và mật khẩu đã nhập
        private bool bValidLogin(string sUserName, string sPassword)
        {
            SqlConnection Con = new SqlConnection(sqlCon);
            SqlCommand cmd = new SqlCommand();
            SqlDataAdapter adapter = null;
            DataTable tbl = new DataTable();
            try
            {
                Con.Open();
                cmd.CommandText = "sp_ValidLogin";
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Connection = Con;
                cmd.Parameters.Add("@PK_sNguoidungID", SqlDbType.VarChar);
                cmd.Parameters.Add("@sMatkhau", SqlDbType.VarChar);
                cmd.Parameters[0].Value = sUserName;
                cmd.Parameters[1].Value = sPassword;
                adapter = new SqlDataAdapter(cmd);
                adapter.Fill(tbl);
            }
            catch (Exception e)
            {
                Response.Write(e.Message);
            }
            finally
            {
                if (Con.State != ConnectionState.Closed)
                    Con.Close();
                adapter.Dispose();
                Con.Dispose();
            }
            if (tbl.Rows.Count > 0)
                return true;
            else
                return false;
        }
        //Hàm lấy ra thông tin người dùng theo ID và mật khẩu đã nhập<-

    }
}